When it rains, it pours. Yet another "highly critical" hole has been found in Apple Computer Inc.'s Mac OS X operating system, which will allow remote system access by getting someone to visit a malicious Web site. Lixlpixel has reported a vulnerability dealing with how basic Internet elements are addressed in the OS' help facility that allow arbitrary local scripts to be executed on a user's machine. It is also possible to place files in a known location on a system by asking users to download a ".dmg" disk image file. A default browser option in Explorer and Safari will mean a single user click is enough to drive the whole process.
The combination of the two holes, tested and confirmed by security experts Secunia, can therefore allow system access to be achieved "very simply" according to Secunia CTO Thomas Kristensen. The holes affect Safari 1.x and Explorer 5.x. The solution is to change browser options and rename the help URI handler. More details are available on Secunia's site. In the past fortnight, controversy has reigned over security vulnerabilities in the Mac OS, with three security companies accusing Apple of downplaying significant security holes -- twice -- and leaving their customers at risk of compromise.
News source: InfoWorld
The combination of the two holes, tested and confirmed by security experts Secunia, can therefore allow system access to be achieved "very simply" according to Secunia CTO Thomas Kristensen. The holes affect Safari 1.x and Explorer 5.x. The solution is to change browser options and rename the help URI handler. More details are available on Secunia's site. In the past fortnight, controversy has reigned over security vulnerabilities in the Mac OS, with three security companies accusing Apple of downplaying significant security holes -- twice -- and leaving their customers at risk of compromise.
News source: InfoWorld
Lets not forget the security holes in Windows that do not even require user interaction to exploit. This article has so much spin, it's making me dizzy...
http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_3_3_Client).html
http://www.apple.com/downloads/macosx/apple/securityupdate_2004-01-26_(10_3_2_Client).html
http://www.apple.com/downloads/macosx/apple/securityupdate20031219panther.html
http://www.apple.com/downloads/macosx/apple/securityupdate20031205forpanther.html
http://www.apple.com/downloads/macosx/apple/securityupdate20031104.html
They look pretty on the ball to me. Many of those fixes were made before the vulnerability was even announced...
They did. Click any of the links I posted above. They are fixes for the OSS packages included with the system.
Oh my god. Please stop talking! You are making yourself look like a FOOL!
Since when was this newspost EVER mentioning anything about Windows?
It's really sad how such newspost always end up in such a OS war/flamewar.
You people really need to learn to troll lesser and stop comparing which is better over the other, it's not only already boring, but also very annoying. If you are going to compare how bad OSX is over Windows or how bad Windows is over OSX, either wait for a newspost debating both of the OSes, or if you really can't wait, I'm sure you'll easily find such threads already existing in the forums on the topic. Bringing up a topic comparing the OS in context with some other OS is not only a troll-like, it's lame.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.